As you all probably known since version 3 Nessus turned to a proprietary model and started charging for the latest plugins locking most of us out. Now we finally have a new, properly organised forked development with the name of OpenVAS - at last a decent and free Vulnerability Scanner!
OpenVAS stands for Open Vulnerability Assessment [...]

HeX is a project aimed at the NSM (Network Security Monitoring) community for use by network security analysts. The developers believe that simplicity and analysis work flow logic must be enhanced and emphasized through-out the process of designing this liveCD. Not only have they carefully chosen all the necessary applications and tools to be included [...]

It’s somewhat ironic that shortly after the Kaminsky DNS bug went wild and almost immediately got ported into Metasploit that it was then used to attack HD Moore’s very own company BreakingPoint.
It happened just a couple of days ago, it doesnt seem to have been a targeted attack though more like mass spammers/scammers leveraging [...]

SIPcrack is a suite for sniffing and cracking the digest authentication used in the SIP protocol.
The tools offer support for pcap files, wordlists and many more to extract all needed information and bruteforce the passwords for the sniffed accounts.

If you don’t have OpenSSL installed or encounter any building problems try ‘make no-openssl’ to build with [...]

There has been a lot of hype about this one, but this flaw is a real threat and the working exploits are now available in the wild.
To top that, they have already been ported into Metasploit!
I hope all the major ISPs are in a patching frenzy right now and not thinking to themselves that there [...]

In the story we recently covered where Terry Childs had locked San Fransisco officials out of their own network, there is a new development.
He’s handed over the passcode to the Mayor, Gavin Newsom. It seems he came to his senses and he also seems to have VERY little faith in the IT administration for the [...]

Another disgruntled IT worked causing mayhem, remember the guy that destroyed all the medical records?
He got a pretty hefty sentence, now we have another who has locked everyone out of the new ’state of the art’ computer network in San Fransisco - he’s on a $5 million dollar bail so I’d say he’s in big [...]

Zodiac is a DNS protocol analyzation and exploitation program. It is a robust tool to explore the DNS protocol. Internally it contains advanced DNS routines for DNS packet construction and disassembling and is the optimal tool if you just want to try something out without undergoing the hassle to rewrite DNS packet routines or packet [...]

FWAuto (Firewall Rulebase Automation) is a Perl script and should work on any system with Perl installed. Provide the running config of a PIX firewall to fwauto. It will analyze and give you a list of weak rules in your rule base and store the result in multiple output files.

Maybe there have been times when [...]

The first stage of penetration testing is usually passive information gathering and enumeration (active information gathering). This is where tools like dnsenum come in, the purpose of DNSenum is to gather as much information as possible about a domain.

The program currently performs the following operations:

Get the host’s addresse (A record).
Get the namservers (threaded).

Get the MX [...]

Now this is an oldskool topic, wardialling! Some people still ask me about wardialling tools though, so here’s one I found recently written in Python.
PAW / PAWS is a wardialing software in python. It is designed to scan for ISDN (PAWS only) and “modern” analog modems (running at 9.6kbit/s or higher). Wardialing tools are - [...]

Technitium MAC Address Changer allows you to change Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit [...]

ArpON (Arp handler inspectiON) is a portable handler daemon with some nice tools to handle all ARP aspects. It has a lot of features and it makes ARP a bit safer. This is possible using two kinds of anti Arp Poisoning tecniques, the first is based on SARPI or “Static ARP Inspection”, the second on [...]

SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It currently consists of four tools:

svmap - this is a sip scanner. Lists SIP devices found on an IP range
svwar - identifies active extensions on a PBX
svcrack - an online password cracker for SIP PBX
svreport - manages sessions [...]

The OSWA-Assistant is a no-Operating-System-required standalone toolkit which is solely focused on wireless auditing. As a result, in addition to the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing. Using the toolkit is as easy as popping it into your computer’s CDROM and making your computer boot from it!

This toolkit is [...]

Crackers briefly hijacked hacking tools website Metasploit.com on Monday.
Metasploit is an advanced open-source exploit development platform used by most pen-testers. A tool we often mention here on Darknet.
On Monday the site was redirected to a page announcing the site was “hacked by sunwear ! just for fun“, as recorded by Sunbelt Software.

Unidentified miscreants used an [...]

Angry IP scanner is a very fast IP address and port scanner.
It can scan IP addresses in any range as well as any their ports. It is cross-platform and lightweight. Not requiring any installations, it can be freely copied and used anywhere.

Angry IP scanner simply pings each IP address to check if it’s alive, then [...]

SIP devices are getting to be very common now, especially with open source bundled OS offerings like Trixbox making it easy to setup your own digital or IP-PBX.

Along with the frequent installations, many (if not most) VoIP devices have available a Web GUI for their configuration, management, and report generation. These Web GUIs are often [...]

thc-Amap (Application MAPper) is another excellent tool more towards banner grabbing and protocol detection than OS-fingerprinting. But from the services running on a machine you can get a good idea of the OS and the purpose of the server.
Amap is a next-generation scanning tool for pentesters. It attempts to identify applications even if they are [...]

Sometimes I wonder to myself have I mentioned a certain tool on the site, usually one of my favourites…often I search the site to find I have never posted about it.
It just goes to show how we often overlook some of the more ‘obvious’ choices, and to many people they may not be that obvious. [...]

rtpbreak 1.3a has been released, we initially brought you news of this tool back in August 2007 with the first announcement of rtpbreak.

With rtpbreak you can detect, reconstruct and analyze any RTP session. It doesn’t require the presence of RTCP packets and works independently form the used signaling protocol (SIP, H.323, SCCP etc). The input [...]

CDPSnarf if a network sniffer exclusively written to extract information from CDP packets. It provides all the information a “show cdp neighbors detail” command would return on a Cisco router and even more.
The application is written in C using the popular PCAP library.

Sample Output
Cisco AIR-AP1231G-E-K9 Access Point:

$ sudo ./cdpsnarf eth2
Waiting for a CDP packet…

[#0] Sniffed [...]

ProxyStrike is an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application. It was created because the problems faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so ProxyStrike was born.
Right now it has available SQL [...]

After nearly 10 years of developement Wireshark (formely known as Ethereal) has finally reached version 1!
For those that don’t know, Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.
Wireshark development thrives thanks to the contributions of networking experts across the [...]

httprecon is a tool for advanced web server fingerprinting, similar to httprint that we mentioned previously.
The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. The goal is the highly accurate identification of given httpd implementations. This is very important within professional vulnerability analysis.
Besides the discussion [...]

Nipper performs security audits of network device configuration files. The report produced by Nipper includes; detailed security-related issues with recommendations, a configuration report and various appendices. Nipper has a large number of configuration options which are described on this page.

Nipper currently supports the following device types:

Cisco Switches (IOS)
Cisco Routers (IOS)
Cisco Firewalls [...]

Ferret works on the concept of “data seepage”: bits of benign data that people willingly broadcast to the world (as opposed to “leakage”, which is data people want to hide from the world).

Examples of data seepage are what happens when you power-on your computer. It will broadcast to the world the list of WiFi access-points [...]

One of our favourite all time tools for attacking web applications has been updated! Burp Suite has now reached version 1.1! This is a major release - not a minor upgrade.
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate [...]

NetworkMiner is a passive network sniffer/packet capturing tool for Windows with an easy to use interface. It can detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis.
NetworkMiner makes use of OS fingerprinting databases from both p0f (by Michal Zalewski) and [...]

Nessconnect is an open-source software package that can connect to a Nessus or Nessus compatible server and provides an advanced graphical user interface. It also provides a command line interface, and an application programming interface in Java. Users can create custom scan profiles, generate extensive reports, and perform differential scans and analysis. Nessconnect was previously [...]

For some reason I’ve never posted about Kismet, and I don’t like to assume everyone knows everything. So for those who may not have heard of it, here’s Kismet.
Kismet is one of foundation tools Wireless Hacking, it’s very mature and does what it’s supposed to do.
Kismet is an 802.11 layer2 wireless network detector, sniffer, and [...]

Another tool for the security side, good for forensics, monitoring and auditing.
Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, [...]

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in both Cisco and Avaya IP Phone environments.
In Cisco IP Phone networks, it first dissects either [...]

Unicornscan has always been a favourite of mine, especially for UDP scanning and scanning large networks (and getting it done fast).
Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. [...]

Pcapy is a Python extension module that interfaces with the libpcap packet capture library. Pcapy enables python scripts to capture packets on the network. Pcapy is highly effective when used in conjunction with a packet-handling package such as Impacket, which is a collection of Python classes for constructing and dissecting network packets.
Advantages of Pcapy

Works with [...]

A new generation of phishing attacks is being studied jointly by Google and Georgia Institute of Technology, it seems the bad guys are getting some smarter ideas.
They are using Open Recursive DNS servers to poison DNS queries and return false information, thus luring consumers to even more realistic phishing domains.

Researchers at Google and the Georgia [...]

At last a new major release of Nmap!
If for some odd reason you don’t already know what Nmap is, it is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host [...]

Scanrand is extremely quick and effective port scanner. It works by forking two distinct processes:

One to send the initial queries
One to receive responses and reconcile them from the above

This makes it extremely fast.
If you haven’t heard of the suite, Scanrand is one of the five tools in Paketto Keiretsu by Dan “Effugas” Kaminsky [...]

The newest version of Technitium MAC Address Changer was released a while back, v4.7. There are some minor changes and it’s looking to be pretty polished for a free tool.
Of course some might say “It’s just a registry entry? What’s the big deal?” Well this just makes it easier, especially when you are doing audits [...]

The firewall test suite fwtest is a security auditing tool made up of two parts: the test control application fwtest and optionally one or two helper processes named fwagent. The test control application fwtest starts up the python interpreter with the given test script. The test script controls the packet data flow between two virtual [...]

A freeware tool to trace TCP/UDP sessions and fetch application data from snoop or tcpdump logs. This is a type of “any-snarf” program, as it will fetch telnet sessions, FTP files, HTTP transfers (HTML, GIF, JPEG), SMTP emails and so on from the captured data inside network traffic logs.
Similar to tcpflow which we mentioned recently.
A [...]

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like ‘tcpdump’ shows a summary of packets seen on the wire, but usually doesn’t store the data that’s actually being transmitted. In contrast, tcpflow [...]

WifiZoo is a tool to gather wifi information passively. Similar to dsniff but for wireless work, the author wanted to do something wifi-related somewhat helpful in wifi pentesting. Something of an extension of Ferret from Errata.
It’s essentially a tool to get information from open wifi networks without joining any network, and covering all wifi [...]

I was looking through my toolbox to see what else is useful and I came across this one, httprint - the only caveat is that it’s a little out of date. It still does a good job though.
httprint is a web server fingerprinting tool.
It relies on web server characteristics to accurately identify web servers, despite [...]

The LORCON packet injection library provides a high level interface to transmit IEEE 802.11 packets onto a wireless medium. Written for Linux systems, this architecture simplifies the development of 802.11 packet injection through an abstraction layer, making the development of auditing and assessment tools driver- independent.
Using LORCON, developers can write tools that inject packets onto [...]

IPAudit monitors network activity on a network by host, protocol and port. It listens to a network device in promiscuous mode, and records every connection between two ip addresses. A unique connection is determined by the ip addresses of the two machines, the protocol used between them, and the port numbers (if they are communicating [...]

PIRANA is an exploitation framework that tests the security of a email content filter. By means of a vulnerability database, the content filter to be tested will be bombarded by various emails containing a malicious payload intended to compromise the computing platform.
PIRANA’s goal is to test whether or not any vulnerability exists on the content [...]

rtpBreak detects, reconstructs and analyzes any RTP [rfc1889] session through heuristics over the UDP network traffic. It works well with SIP, H.323, SCCP and any other signaling protocol. In particular, it doesn’t require the presence of RTCP packets (voipong needs them) that aren’t always transmitted from the recent VoIP clients.
The RTP sessions are composed by [...]

The first Link Layer Discovery Protocol Fuzzer is now available, test cases are also ready to be used along with the tool. The fuzzing architecure makes it easy to extend the tool with new test cases and more LLDP compliant devices arise.
LLDP is a Layer 2 protocol which allows network devices to advertise their identity [...]

An interesting happening this week, some ISP’s have been jacking the DNS entries for certain IRC networks to crack down on zombie/bot infections.
Is it ethical? Should they be doing this to their users?
I first got wind of this from a post on Full Disclosure mailing list from an IRC network administrator.
You can read that e-mail [...]

Dr.Morena is a tool to confirm the rule configuration of a Firewall.
The configuration of a Firewall is done by combining more than one rule. Sometimes a rule configuration may reside in a place other than the basic rule configuration place. In such a case, it is difficult to confirm whether it is an intended configuration [...]

The Firewall Tester (FTester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities.
The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for [...]

ProxMon is an extensible Python based framework that reduces testing effort, improves consistency and reduces errors. Its use requires limited additional effort as it processes the proxy logs that you’re already generating and reports discovered issues. In addition to penetration testing, ProxMon is useful in QA, developer testing and regression testing scenarios.
Formerly announced as ScarabMon [...]

tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called “carving”) is an age old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. tcpxtract uses this technique specifically for the application of [...]

ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.

ProxyFuzz is a good tool for [...]

Some cool free tools made by folks from the French Honeynet Project.
FakeNetBIOS is a family of tools designed to simulate Windows hosts on a LAN. The individual tools are:

FakeNetbiosDGM (NetBIOS Datagram)
FakeNetbiosNS (NetBIOS Name Service)

Each tool can be used as a standalone tool or as a honeyd responder or subsystem.
FakeNetbiosDGM sends NetBIOS Datagram service packets on [...]

Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.
It is possible to boot TRK in three different ways:

As a bootable CD which you can burn yourself from a downloadable isofile
From a USB stick/disk (optionally [...]

Another video in 2-3 days… I think i this becoming like a mania for me… Anyway in this video i played around with netstat so that for those who do not play with it could see the possibilities it offers to us… no more tutorials like:

netstat -a
to view all you connections
the end

… because I have [...]

Or half-open scanning technique is the first of three to come series about stealth scanning… The other two are Xmas/Fin/Null and idle/zombie scan techniques…
Intro
This is a series of three to come articles about stealth scanning, everything that I am going to present is hping oriented so if you want to learn this techniques you’d better [...]

Sguil (pronounced sgweel) is probably best described as an aggregation system for network security monitoring tools. It ties your IDS alerts into a database of TCP/IP sessions, full content packet logs and other information. When you’ve identified an alert that needs more investigation, the sguil client provides you with seamless access to the data you [...]

Technitium MAC Address Changer v4.5 has been released.
Technitium MAC Address Changer allows you to change Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample of information regarding each NIC in the machine. Every NIC [...]

Foundstone Blast v2.0 is a small, quick TCP service stress test tool. Blast does a good amount of work very quickly and can help spot potential weaknesses in your network servers.
Features:
/trial switch adds the ability to see how the buffer looks before sending it
/v switch adds verbose option - off by default
/nr switch turns off [...]

Nemesis is a command-line network packet crafting and injection utility for UNIX-like and Windows systems. Nemesis, is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks. As a command-line driven utility, Nemesis is perfect for automation and scripting.

Nemesis can natively craft and inject packets for:

ARP
DNS
ETHERNET
ICMP
IGMP
IP
OSPF
RIP
TCP

UDP

Using the IP [...]

Another flaw in Cisco’s IOS, this time a problem with FTP, the mechanism used to update the firmware on Cisco devices (routers & switches mostly).
You really don’t want someone playing around with your configuration files on your router do you?

IOS FTP, which comes disabled by default in IOS, is used to upload IOS software images [...]

ISIC is a suite of utilities to exercise the stability of an IP Stack and its component stacks (TCP, UDP, ICMP et. al.) It generates piles of pseudo random packets of the target protocol. The packets be given tendencies to conform to. Ie 50% of the packets generated can have IP Options. 25% of the [...]

The VoIP Security Alliance (VOIPSA) is pleased to announce the public release of its VoIP security tool list. Check it out at:
http://www.voipsa.org/Resources/tools.php
This VoIP Security Tool List provides categories, descriptions and links to current free and commercial VoIP security tools.

This list was developed to address the current void of VoIP security testing resources and sites, [...]

What is Scapy?
Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery [...]

Gomor released a LLTD (Link Layer Topology Discovery Protocol) implementation written in Perl (using Net::Frame framework).
You may use this two modules to write fuzzers, or anything.

You can find the modules here:

Net Frame LLTD

There is another option for DNS Brute Forcing which uses threads, so may be faster than TXDNS 2.0 which we posted about recently.
What does it do?
This program was written to extract valid hosts of a domain that deny zone transfers.
The program supports:

IPv4 => IP Address of [...]

OWASP JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. Written in Java, it allows for the identification of certain classess of security vulnerabilities, by means of creating malformed data and having the network protocol in question consume the data.
The purpose of this application is to provide a single, [...]

Well at least it shows the Internet is not very susceptible to such attacks due to its distributed nature, even if the root nameservers are down, the DNS system still functions.
This was a pretty heavy attack though and the most significant in the past 5 years or so, someone testing their ego I guess.
I CAN [...]

ADN - Active Directory Navigator is a little tool to visually explore an Active Directory and perform a simple dictionary attack against users’ password.
You can download the tool here:

ADN - Active Directory Navigator
MD5 4a1e3bb33a25d91d7d7a70877f8374ef
SHA1 a0bf80e9426835b88cc6604784d2d949efe5645f
Notes: It requires .NET framework and PCSoft framework

There are not many good tools for replaying traffic, most people use WireShark (formely known as Ethereal) for capturing the traffic, but what happens if you want to take that capture and reply it over the wire?
Someone has this problem so they decided to code their own solution, thankfully for us! There are quite a [...]

ADtool is a neat tool to help you list all the machines that are part of an Active Directory driven domain or network.
It is intended to help pentesters and admins in their day to day work, there are some other tools that can accomplish the work for listing domain servers, but unfortunately all other tools [...]

LFT
LFT, short for Layer Four Traceroute, is a sort of ‘traceroute’ that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filters (firewalls). More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al.
What makes LFT [...]